CCNA R&S-07-Building Ethernet LANs with Switches

©2015 Amir Jafari – www.amir-Jafari.com

Routing and Switching 200-1207 - Building Ethernet LANs with Switches

Building Ethernet LANs with Switches


Agenda

LAN Switching Concepts

Design Choices in Ethernet LANs



Historical Progression: Hubs, Bridges, and Switches

10BASE-T used a centralized cabling model similar to today’s Ethernet LANs, with each device connecting to the LAN using a UTP cable

Instead of a LAN switch, the early 10BASE-T networks used hubs, because LAN switches had not yet been created

10BASE-T (with a Hub)




With 10BASE-T using hubs: When hubs receive an electrical signal in one port , the hub repeats

the signal out all other ports

When two or more devices send at the same time, an electrical collision occurs, making both signals corrupt

As a result, devices must take turns by using carrier sense multiple access with collision detection (CSMA/CD) logic, so the devices share the (10-Mbps) bandwidth

Broadcasts sent by one device are heard by, and processed by, all other devices on the LAN

Unicast frames are heard by all other devices on the LAN




Ethernet transparent bridges helped solve this performance problem with 10BASE-T:

Bridges separated devices into groups called collision domains

Bridges reduced the number of collisions that occurred in the network, because frames inside one collision domain did not collide with frames in another collision domain

Bridges increased bandwidth by giving each collision domain its own separate bandwidth, with one sender at a time per collision domain




Bridge will buffer or queue the frame until the outgoing interface can send the frame

Adding the bridge in Figure really creates two separate 10BASE-T networks

Bridge Creates Two Collision Domains and Two Shared Ethernets




LAN switches perform the same basic core functions as bridges, but at much faster speeds and with many enhanced features

Like bridges, switches segment a LAN into separate collision domains, each with its own capacity.

Switch Creates Four Collision Domains and Four Ethernet Segments



Switching Logic

Unicast frames have a unicast address as a destination, these addresses represent a single device

broadcast frame has a destination MAC address of FFFF.FFFF.FFFF, this frame should be delivered to all devices on the LAN

LAN switches receive Ethernet frames and then make a switching decision: either forward the frame out some other port(s) or ignore the frame



Switching Logic

To accomplish this primary mission, transparent bridges perform three actions:

1. Deciding when to forward a frame or when to filter (not forward) a frame, based on the destination MAC address

2. Learning MAC addresses by examining the source MAC address of each frame received by the switch

3. Creating a (Layer 2) loop-free environment with other bridges by using Spanning Tree Protocol (STP)



The Forward-Versus-Filter Decision

To decide whether to forward a frame, a switch uses a dynamically built table that lists MAC addresses and outgoing interfaces

Switches compare the frame’s destination MAC address to this table to decide whether the switch should forward a frame or simply ignore it

If the destination address is a known unicast address , and the outgoing interface is the same as the interface in which the frame was received, the switch filters the frame, meaning that the switch simply ignores the frame and does not forward it

A switch’s MAC address table is also called the switching table, or bridging table, or even the Content Addressable Memory (CAM) table, in reference to the type of physical memory used to store the table




Sample Switch Forwarding and Filtering Decision




A switch’s MAC address table lists the location of each MAC relative to that one switch

In LANs with multiple switches, each switch makes an independent forwarding decision based on its own MAC address table. Together, they forward the frame so that it eventually arrives at the destination

The forwarding choice by a switch was formerly called a forward-versus-filter decision, because the switch also chooses to not forward (to filter) frames, not sending the frame out some ports.




Forwarding Decision with Two Switches



How Switches Learn MAC Addresses

Switches build the address table by listening to incoming frames and examining the source MAC address in the frame

If a frame enters the switch and the source MAC address is not in the MAC address table, the switch creates an entry in the table

That table entry lists the interface from which the frame arrived




Switch Learning: Empty Table and Adding Two Entries




Switches keep a timer for each entry in the MAC address table, called an inactivity timer

The switch sets the timer to 0 for new entries. Each time the switch receives another frame with that same source MAC address, the timer is reset to 0.

The timer counts upward, so the switch can tell which entries have gone the longest time since receiving a frame from that device.

The switch then removes entries from the table when they become old. Or, if the switch ever runs out of space for entries in the MAC address table, the switch can then remove table entries with the oldest (largest) inactivity timers

Aging time for all MAC addresses can be configured. The default is 300 seconds



Flooding Frames

Unknown unicast frames: frames whose destination MAC addresses are not yet in the address table

Switches flood unknown unicast frames

Flooding means that the switch forwards copies of the frame out all ports, except the port on which the frame was received

If the unknown device receives the frame and sends a reply, the reply frame’s source MAC address will allow the switch to build a correct MAC table entry for that device

Switches also forward LAN broadcast frames, because this process helps deliver a copy of the frame to all devices in the LAN



Avoiding Loops Using Spanning Tree Protocol

Without STP, any flooded frames would loop for an indefinite period of time in Ethernet networks with physically redundant links

To prevent looping frames, STP blocks some ports from forwarding frames so that only one active path exists between any pair of LAN segments

The result of STP is good: Frames do not loop infinitely, which makes the LAN usable

However, STP has negative features as well, including the fact that it takes some work to balance traffic across the redundant alternate links




Network with Redundant Links but Without STP: The Frame Loops Forever




To avoid Layer 2 loops, all switches need to use STP

STP causes each interface on a switch to settle into either a blocking state or a forwarding state.

Blocking means that the interface cannot forward or receive data frames, while forwarding means that the interface can send and receive data frames.

If a correct subset of the interfaces is blocked, only a single currently active logical path exists between each pair of LANs

STP behaves identically for a transparent bridge and a switch



Internal Processing on Cisco Switches

As soon as a Cisco switch decides to forward a frame, the switch can use a couple of different types of internal processing variations

Three types of these internal processing methods are supported in at least one type of Cisco switch:1. Store-and-forward 2. Cut-through3. Fragment-free

With store-and-forward, the switch must receive the entire frame before forwarding the first bit of the frame.




Because the destination MAC address occurs very early in the Ethernet header, a switch can make a forwarding decision long before the switch has received all the bits in the frame.

The cut-through and fragment-free processing methods allow the switch to start forwarding the frame before the entire frame has been received, reducing time required to send the frame (the latency, or delay)

With cut-through processing, the switch starts sending the frame out the output port as soon as possible. Although this might reduce latency, it also propagates errors. Because the Frame Check Sequence (FCS) is in the Ethernet trailer, the switch cannot determine whether the frame had any errors before starting to forward the frame. So, the switch reduces the frame’s latency, but with the price of having forwarded some frames that contain errors.




Fragment-free processing works similarly to cut-through, but it tries to reduce the number of errored frames that it forwards.

One interesting fact about Ethernet CSMA/CD logic is that collisions should be detected within the first 64 bytes of a frame

Fragment-free processing works like cut-through logic, but it waits to receive the first 64 bytes before forwarding a frame.

The frames experience less latency than with store-and-forward logic and slightly more latency than with cut-through, but frames that have errors as a result of collisions are not forwarded

today’s switches typically use store-and-forward processing




Switch Internal Processing



LAN Switching Features

Switch ports connected to a single device, providing dedicated bandwidth to that single device

Switches allow multiple simultaneous conversations between devices on different ports

Switch ports connected to a single device support full-duplex, in effect doubling the amount of bandwidth available to the device

Switches support rate adaptation, which means that devices that use different Ethernet speeds can communicate through the switch (hubs cannot)



Collision Domains

The different parts of an Ethernet LAN can behave differently, in terms of function and performance

The term collision domain referred to an Ethernet concept of all ports whose transmitted frames would cause a collision with frames sent by other devices in the collision domain

Collision Domains



Collision Domains

Only the hub allows a CD to spread from one side of the device to the other

If PC3 and the LAN switch both enabled half-duplex, which uses CSMA/CD, they would consider their frames to collide if they were sent and received at the same time

A collision domain is a set of network interface cards (NIC) for which a frame sent by one NIC could result in a collision with a frame sent by any other NIC in the same collision domain



Broadcast Domains

Only routers separate the LAN into multiple broadcast domains.

LAN switches flood Ethernet broadcast frames, extending the scope of the broadcast domain.

Routers do not forward Ethernet broadcast frames, either ignoring the frames, or processing and then discarding some broadcast from some overhead protocols used by routers.

bridges act like switches with broadcasts, and hubs repeat the signal, again not stopping the broadcasts



Broadcast Domains

Broadcasts sent by a device in one broadcast domain are not forwarded to devices in

another broadcast domain

A broadcast domain is a set of NICs for which a broadcast frame sent by one NIC is received by all other NICs in the same broadcast domain

Broadcast Domains



The Impact of Collision and Broadcast Domains on LAN Design

For a single collision domain: The devices share the available bandwidth The devices might inefficiently use that bandwidth because of

the effects of collisions, particularly under higher utilization

When a host receives a broadcast, the host must process the received frame. This means that the NIC must interrupt the computer’s CPU, and

the CPU must spend time thinking about the received broadcast frame

Broadcasts do require all the hosts to spend time processing each broadcast frame

Using smaller broadcast domains can also improve security, because of limiting broadcasts and because of robust security features in routers



The Impact of Collision and Broadcast Domains on LAN Design

Benefits of Segmenting Ethernet Devices Using Hubs, Switches, and Routers



Virtual LANs (VLAN)

A LAN consists of all devices in the same broadcast domain.

With VLANs, a switch groups interfaces into different VLANs (broadcast domains) based on configuration, with each interface in a different VLAN

Essentially, the switch creates multiple broadcast domains by putting some interfaces into one VLAN and other interfaces into other VLANs

So, instead of all ports on a switch forming a single broadcast domain, the switch separates them into many, based on configuration

Without VLANs, a switch considers all interfaces on the switch, and the devices connected to those links, to be in the same broadcast domain



Virtual LANs (VLAN)

Sample Network with Two Broadcast Domains and No VLANs

Sample Network with Two VLANs Using One Switch



Campus Design Terminology

The term campus LAN refers to the LAN created to support larger buildings, or multiple buildings in somewhat close proximity to one another

Cisco uses three terms to describe the role of each switch in a campus design:1. Access 2. Distribution3. Core

The roles differ based on whether: The switch forwards traffic from user devices and the rest of the

LAN (access) The switch forwards traffic between other LAN switches

(distribution and core)

Using designs that connect a larger number of access switches to a small number of distribution switches reduces cabling




Campus LAN with Design Terminology Listed




Access switches: Connect directly to end users, providing user device access to the

LAN. Send traffic to and from the end-user devices to which they are

connected and sit at the edge of the LAN

Distribution switches: Provide a path through which the access switches can forward traffic

to each other. Each of the access switches connects to at least one distribution

switch, relying on distribution switches to forward traffic to other parts of the LAN

Most designs use at least two uplinks to two different distribution switches for redundancy

Core switches: The largest campus LANs often use core switches to forward traffic between distribution switches



Ethernet LAN Media and Cable Lengths

When designing a campus LAN, an engineer must consider the length of each cable run and then find the best type of Ethernet and cabling type

10BASE-T, 100BASE-T, and 1000BASE-T have the same 100-meter cable restriction, but they use slightly different cables

The EIA/TIA defines Ethernet cabling standards, including the cable’s quality

Each Ethernet standard that uses UTP cabling lists a cabling quality category as the minimum category that the standard supports: 10BASE-T allows for Category 3 (CAT3) cabling or better 100BASE-T calls for higher-quality CAT5 cabling 1000BASE-T requires even higher-quality CAT5e or CAT6




Optical cables support a variety of much longer distances than the 100 meters supported by Ethernet on UTP cables

Optical cables experience much less interference from outside sources as compared to copper cables

The type of optical cabling can also impact the maximum distances per cable: Multimode fiber supports shorter distances, but it is generally

cheaper cabling and it works fine with less-expensive LEDs. Single-mode fiber supports the longest distances but is more

expensive. Often use laser-based hardware




Ethernet Types, Media, and Segment Lengths (Per IEEE)



Autonegotiation

Ethernet devices on the ends of a link must use the same standard or they cannot correctly send data

IEEE autonegotiation (IEEE standard 802.3u) defines a protocol that lets the two UTP-based Ethernet nodes on a link negotiate so that they each choose to use the same speed and duplex settings.

The protocol messages flow outside the normal Ethernet electrical frequencies as out-of-band signals over the UTP cable

Each node states what it can do, and then each node picks the best options that both nodes support: The fastest speed and the best duplex setting, with full-duplex

being better than half-duplex



Autonegotiation

Many networks use autonegotiation every day, particularly between user devices and the access layer LAN switches

IEEE Autonegotiation Results with Both Nodes Working Correctly



Autonegotiation Results When Only One Node Uses Autonegotiation

Most Ethernet devices can disable autonegotiation, so it is just as important to know what happens when a node tries to use autonegotiation but the node gets no response

If autonegotiation enabled on both ends of the link, the nodes should pick the best speed and duplex. However, when enabled on only one end, many issues can arise: The link might not work at all, or it might just work poorly

IEEE autonegotiation defines some rules that nodes should use when autonegotiation fails:

Speed: Use your slowest supported speed (often 10 Mbps) Duplex: If your speed = 10 or 100, use half-duplex; otherwise, use

full-duplex Cisco switches can actually sense the speed used by other node,

even without IEEE autonegotiation




IEEE Autonegotiation Results with Autonegotiation Disabled on One Side




PC1 shows a classic and unfortunately common end result: a duplex mismatch

The two nodes can send data However, PC1, using full-duplex, does not attempt to use CSMA/CD logic and sends frames at any time.

Switch port F0/1, with halfduplex, does use CSMA/CD. As a result, switch port F0/1 will believe collisions occur on the link, even if none physically occur

The switch port will stop transmitting, back off, resend frames, and so on. As a result, the link is up, but it performs poorly

when both devices are attempting to transmit at the same time, the packet sent by the full-duplex end will be discarded and lost due to an assumed collision and the packet sent by the half duplex device will be delayed or lost due to a CRC error in the frame



Autonegotiation and LAN Hubs

Hubs do not react to autonegotiation messages, and they do not forward the messages.

As a result, devices connected to a hub must use the IEEE rules for choosing default settings, which often results in the devices using 10 Mbps and halfduplex

IEEE Autonegotiation with a LAN Hub

Building Ethernet LANs with Switches


References

1) Cisco Systems, Inc, www.cisco.com/

2) Wendell Odom ,”Cisco CCENT/CCNA ICND1 100-101 Official Cert Guide”, Cisco Press, USA, 2013

http://www.cisco.com/

Technology

CCNA R&S-07-Building Ethernet LANs with Switches